1 /* 2 * Copyright (C) 2006 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.content; 18 19 import static android.Manifest.permission.INTERACT_ACROSS_USERS; 20 import static android.app.AppOpsManager.MODE_ALLOWED; 21 import static android.app.AppOpsManager.MODE_DEFAULT; 22 import static android.app.AppOpsManager.MODE_ERRORED; 23 import static android.app.AppOpsManager.MODE_IGNORED; 24 import static android.content.pm.PackageManager.PERMISSION_GRANTED; 25 import static android.os.Trace.TRACE_TAG_DATABASE; 26 27 import android.annotation.NonNull; 28 import android.annotation.Nullable; 29 import android.annotation.UnsupportedAppUsage; 30 import android.app.AppOpsManager; 31 import android.content.pm.PathPermission; 32 import android.content.pm.ProviderInfo; 33 import android.content.res.AssetFileDescriptor; 34 import android.content.res.Configuration; 35 import android.database.Cursor; 36 import android.database.MatrixCursor; 37 import android.database.SQLException; 38 import android.net.Uri; 39 import android.os.AsyncTask; 40 import android.os.Binder; 41 import android.os.Build; 42 import android.os.Bundle; 43 import android.os.CancellationSignal; 44 import android.os.IBinder; 45 import android.os.ICancellationSignal; 46 import android.os.ParcelFileDescriptor; 47 import android.os.Process; 48 import android.os.RemoteException; 49 import android.os.Trace; 50 import android.os.UserHandle; 51 import android.os.storage.StorageManager; 52 import android.text.TextUtils; 53 import android.util.Log; 54 55 import com.android.internal.annotations.VisibleForTesting; 56 57 import java.io.File; 58 import java.io.FileDescriptor; 59 import java.io.FileNotFoundException; 60 import java.io.IOException; 61 import java.io.PrintWriter; 62 import java.util.ArrayList; 63 import java.util.Arrays; 64 import java.util.Objects; 65 66 /** 67 * Content providers are one of the primary building blocks of Android applications, providing 68 * content to applications. They encapsulate data and provide it to applications through the single 69 * {@link ContentResolver} interface. A content provider is only required if you need to share 70 * data between multiple applications. For example, the contacts data is used by multiple 71 * applications and must be stored in a content provider. If you don't need to share data amongst 72 * multiple applications you can use a database directly via 73 * {@link android.database.sqlite.SQLiteDatabase}. 74 * 75 * <p>When a request is made via 76 * a {@link ContentResolver} the system inspects the authority of the given URI and passes the 77 * request to the content provider registered with the authority. The content provider can interpret 78 * the rest of the URI however it wants. The {@link UriMatcher} class is helpful for parsing 79 * URIs.</p> 80 * 81 * <p>The primary methods that need to be implemented are: 82 * <ul> 83 * <li>{@link #onCreate} which is called to initialize the provider</li> 84 * <li>{@link #query} which returns data to the caller</li> 85 * <li>{@link #insert} which inserts new data into the content provider</li> 86 * <li>{@link #update} which updates existing data in the content provider</li> 87 * <li>{@link #delete} which deletes data from the content provider</li> 88 * <li>{@link #getType} which returns the MIME type of data in the content provider</li> 89 * </ul></p> 90 * 91 * <p class="caution">Data access methods (such as {@link #insert} and 92 * {@link #update}) may be called from many threads at once, and must be thread-safe. 93 * Other methods (such as {@link #onCreate}) are only called from the application 94 * main thread, and must avoid performing lengthy operations. See the method 95 * descriptions for their expected thread behavior.</p> 96 * 97 * <p>Requests to {@link ContentResolver} are automatically forwarded to the appropriate 98 * ContentProvider instance, so subclasses don't have to worry about the details of 99 * cross-process calls.</p> 100 * 101 * <div class="special reference"> 102 * <h3>Developer Guides</h3> 103 * <p>For more information about using content providers, read the 104 * <a href="{@docRoot}guide/topics/providers/content-providers.html">Content Providers</a> 105 * developer guide.</p> 106 * </div> 107 */ 108 public abstract class ContentProvider implements ContentInterface, ComponentCallbacks2 { 109 110 private static final String TAG = "ContentProvider"; 111 112 /* 113 * Note: if you add methods to ContentProvider, you must add similar methods to 114 * MockContentProvider. 115 */ 116 117 @UnsupportedAppUsage 118 private Context mContext = null; 119 private int mMyUid; 120 121 // Since most Providers have only one authority, we keep both a String and a String[] to improve 122 // performance. 123 @UnsupportedAppUsage 124 private String mAuthority; 125 @UnsupportedAppUsage 126 private String[] mAuthorities; 127 @UnsupportedAppUsage 128 private String mReadPermission; 129 @UnsupportedAppUsage 130 private String mWritePermission; 131 @UnsupportedAppUsage 132 private PathPermission[] mPathPermissions; 133 private boolean mExported; 134 private boolean mNoPerms; 135 private boolean mSingleUser; 136 137 private ThreadLocal<String> mCallingPackage; 138 139 private Transport mTransport = new Transport(); 140 141 /** 142 * Construct a ContentProvider instance. Content providers must be 143 * <a href="{@docRoot}guide/topics/manifest/provider-element.html">declared 144 * in the manifest</a>, accessed with {@link ContentResolver}, and created 145 * automatically by the system, so applications usually do not create 146 * ContentProvider instances directly. 147 * 148 * <p>At construction time, the object is uninitialized, and most fields and 149 * methods are unavailable. Subclasses should initialize themselves in 150 * {@link #onCreate}, not the constructor. 151 * 152 * <p>Content providers are created on the application main thread at 153 * application launch time. The constructor must not perform lengthy 154 * operations, or application startup will be delayed. 155 */ 156 public ContentProvider() { 157 } 158 159 /** 160 * Constructor just for mocking. 161 * 162 * @param context A Context object which should be some mock instance (like the 163 * instance of {@link android.test.mock.MockContext}). 164 * @param readPermission The read permision you want this instance should have in the 165 * test, which is available via {@link #getReadPermission()}. 166 * @param writePermission The write permission you want this instance should have 167 * in the test, which is available via {@link #getWritePermission()}. 168 * @param pathPermissions The PathPermissions you want this instance should have 169 * in the test, which is available via {@link #getPathPermissions()}. 170 * @hide 171 */ 172 @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 115609023) 173 public ContentProvider( 174 Context context, 175 String readPermission, 176 String writePermission, 177 PathPermission[] pathPermissions) { 178 mContext = context; 179 mReadPermission = readPermission; 180 mWritePermission = writePermission; 181 mPathPermissions = pathPermissions; 182 } 183 184 /** 185 * Given an IContentProvider, try to coerce it back to the real 186 * ContentProvider object if it is running in the local process. This can 187 * be used if you know you are running in the same process as a provider, 188 * and want to get direct access to its implementation details. Most 189 * clients should not nor have a reason to use it. 190 * 191 * @param abstractInterface The ContentProvider interface that is to be 192 * coerced. 193 * @return If the IContentProvider is non-{@code null} and local, returns its actual 194 * ContentProvider instance. Otherwise returns {@code null}. 195 * @hide 196 */ 197 @UnsupportedAppUsage 198 public static ContentProvider coerceToLocalContentProvider( 199 IContentProvider abstractInterface) { 200 if (abstractInterface instanceof Transport) { 201 return ((Transport)abstractInterface).getContentProvider(); 202 } 203 return null; 204 } 205 206 /** 207 * Binder object that deals with remoting. 208 * 209 * @hide 210 */ 211 class Transport extends ContentProviderNative { 212 volatile AppOpsManager mAppOpsManager = null; 213 volatile int mReadOp = AppOpsManager.OP_NONE; 214 volatile int mWriteOp = AppOpsManager.OP_NONE; 215 volatile ContentInterface mInterface = ContentProvider.this; 216 217 ContentProvider getContentProvider() { 218 return ContentProvider.this; 219 } 220 221 @Override 222 public String getProviderName() { 223 return getContentProvider().getClass().getName(); 224 } 225 226 @Override 227 public Cursor query(String callingPkg, Uri uri, @Nullable String[] projection, 228 @Nullable Bundle queryArgs, @Nullable ICancellationSignal cancellationSignal) { 229 uri = validateIncomingUri(uri); 230 uri = maybeGetUriWithoutUserId(uri); 231 if (enforceReadPermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) { 232 // The caller has no access to the data, so return an empty cursor with 233 // the columns in the requested order. The caller may ask for an invalid 234 // column and we would not catch that but this is not a problem in practice. 235 // We do not call ContentProvider#query with a modified where clause since 236 // the implementation is not guaranteed to be backed by a SQL database, hence 237 // it may not handle properly the tautology where clause we would have created. 238 if (projection != null) { 239 return new MatrixCursor(projection, 0); 240 } 241 242 // Null projection means all columns but we have no idea which they are. 243 // However, the caller may be expecting to access them my index. Hence, 244 // we have to execute the query as if allowed to get a cursor with the 245 // columns. We then use the column names to return an empty cursor. 246 Cursor cursor; 247 final String original = setCallingPackage(callingPkg); 248 try { 249 cursor = mInterface.query( 250 uri, projection, queryArgs, 251 CancellationSignal.fromTransport(cancellationSignal)); 252 } catch (RemoteException e) { 253 throw e.rethrowAsRuntimeException(); 254 } finally { 255 setCallingPackage(original); 256 } 257 if (cursor == null) { 258 return null; 259 } 260 261 // Return an empty cursor for all columns. 262 return new MatrixCursor(cursor.getColumnNames(), 0); 263 } 264 Trace.traceBegin(TRACE_TAG_DATABASE, "query"); 265 final String original = setCallingPackage(callingPkg); 266 try { 267 return mInterface.query( 268 uri, projection, queryArgs, 269 CancellationSignal.fromTransport(cancellationSignal)); 270 } catch (RemoteException e) { 271 throw e.rethrowAsRuntimeException(); 272 } finally { 273 setCallingPackage(original); 274 Trace.traceEnd(TRACE_TAG_DATABASE); 275 } 276 } 277 278 @Override 279 public String getType(Uri uri) { 280 // getCallingPackage() isn't available in getType(), as the javadoc states. 281 uri = validateIncomingUri(uri); 282 uri = maybeGetUriWithoutUserId(uri); 283 Trace.traceBegin(TRACE_TAG_DATABASE, "getType"); 284 try { 285 return mInterface.getType(uri); 286 } catch (RemoteException e) { 287 throw e.rethrowAsRuntimeException(); 288 } finally { 289 Trace.traceEnd(TRACE_TAG_DATABASE); 290 } 291 } 292 293 @Override 294 public Uri insert(String callingPkg, Uri uri, ContentValues initialValues) { 295 uri = validateIncomingUri(uri); 296 int userId = getUserIdFromUri(uri); 297 uri = maybeGetUriWithoutUserId(uri); 298 if (enforceWritePermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) { 299 final String original = setCallingPackage(callingPkg); 300 try { 301 return rejectInsert(uri, initialValues); 302 } finally { 303 setCallingPackage(original); 304 } 305 } 306 Trace.traceBegin(TRACE_TAG_DATABASE, "insert"); 307 final String original = setCallingPackage(callingPkg); 308 try { 309 return maybeAddUserId(mInterface.insert(uri, initialValues), userId); 310 } catch (RemoteException e) { 311 throw e.rethrowAsRuntimeException(); 312 } finally { 313 setCallingPackage(original); 314 Trace.traceEnd(TRACE_TAG_DATABASE); 315 } 316 } 317 318 @Override 319 public int bulkInsert(String callingPkg, Uri uri, ContentValues[] initialValues) { 320 uri = validateIncomingUri(uri); 321 uri = maybeGetUriWithoutUserId(uri); 322 if (enforceWritePermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) { 323 return 0; 324 } 325 Trace.traceBegin(TRACE_TAG_DATABASE, "bulkInsert"); 326 final String original = setCallingPackage(callingPkg); 327 try { 328 return mInterface.bulkInsert(uri, initialValues); 329 } catch (RemoteException e) { 330 throw e.rethrowAsRuntimeException(); 331 } finally { 332 setCallingPackage(original); 333 Trace.traceEnd(TRACE_TAG_DATABASE); 334 } 335 } 336 337 @Override 338 public ContentProviderResult[] applyBatch(String callingPkg, String authority, 339 ArrayList<ContentProviderOperation> operations) 340 throws OperationApplicationException { 341 validateIncomingAuthority(authority); 342 int numOperations = operations.size(); 343 final int[] userIds = new int[numOperations]; 344 for (int i = 0; i < numOperations; i++) { 345 ContentProviderOperation operation = operations.get(i); 346 Uri uri = operation.getUri(); 347 userIds[i] = getUserIdFromUri(uri); 348 uri = validateIncomingUri(uri); 349 uri = maybeGetUriWithoutUserId(uri); 350 // Rebuild operation if we changed the Uri above 351 if (!Objects.equals(operation.getUri(), uri)) { 352 operation = new ContentProviderOperation(operation, uri); 353 operations.set(i, operation); 354 } 355 if (operation.isReadOperation()) { 356 if (enforceReadPermission(callingPkg, uri, null) 357 != AppOpsManager.MODE_ALLOWED) { 358 throw new OperationApplicationException("App op not allowed", 0); 359 } 360 } 361 if (operation.isWriteOperation()) { 362 if (enforceWritePermission(callingPkg, uri, null) 363 != AppOpsManager.MODE_ALLOWED) { 364 throw new OperationApplicationException("App op not allowed", 0); 365 } 366 } 367 } 368 Trace.traceBegin(TRACE_TAG_DATABASE, "applyBatch"); 369 final String original = setCallingPackage(callingPkg); 370 try { 371 ContentProviderResult[] results = mInterface.applyBatch(authority, 372 operations); 373 if (results != null) { 374 for (int i = 0; i < results.length ; i++) { 375 if (userIds[i] != UserHandle.USER_CURRENT) { 376 // Adding the userId to the uri. 377 results[i] = new ContentProviderResult(results[i], userIds[i]); 378 } 379 } 380 } 381 return results; 382 } catch (RemoteException e) { 383 throw e.rethrowAsRuntimeException(); 384 } finally { 385 setCallingPackage(original); 386 Trace.traceEnd(TRACE_TAG_DATABASE); 387 } 388 } 389 390 @Override 391 public int delete(String callingPkg, Uri uri, String selection, String[] selectionArgs) { 392 uri = validateIncomingUri(uri); 393 uri = maybeGetUriWithoutUserId(uri); 394 if (enforceWritePermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) { 395 return 0; 396 } 397 Trace.traceBegin(TRACE_TAG_DATABASE, "delete"); 398 final String original = setCallingPackage(callingPkg); 399 try { 400 return mInterface.delete(uri, selection, selectionArgs); 401 } catch (RemoteException e) { 402 throw e.rethrowAsRuntimeException(); 403 } finally { 404 setCallingPackage(original); 405 Trace.traceEnd(TRACE_TAG_DATABASE); 406 } 407 } 408 409 @Override 410 public int update(String callingPkg, Uri uri, ContentValues values, String selection, 411 String[] selectionArgs) { 412 uri = validateIncomingUri(uri); 413 uri = maybeGetUriWithoutUserId(uri); 414 if (enforceWritePermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) { 415 return 0; 416 } 417 Trace.traceBegin(TRACE_TAG_DATABASE, "update"); 418 final String original = setCallingPackage(callingPkg); 419 try { 420 return mInterface.update(uri, values, selection, selectionArgs); 421 } catch (RemoteException e) { 422 throw e.rethrowAsRuntimeException(); 423 } finally { 424 setCallingPackage(original); 425 Trace.traceEnd(TRACE_TAG_DATABASE); 426 } 427 } 428 429 @Override 430 public ParcelFileDescriptor openFile( 431 String callingPkg, Uri uri, String mode, ICancellationSignal cancellationSignal, 432 IBinder callerToken) throws FileNotFoundException { 433 uri = validateIncomingUri(uri); 434 uri = maybeGetUriWithoutUserId(uri); 435 enforceFilePermission(callingPkg, uri, mode, callerToken); 436 Trace.traceBegin(TRACE_TAG_DATABASE, "openFile"); 437 final String original = setCallingPackage(callingPkg); 438 try { 439 return mInterface.openFile( 440 uri, mode, CancellationSignal.fromTransport(cancellationSignal)); 441 } catch (RemoteException e) { 442 throw e.rethrowAsRuntimeException(); 443 } finally { 444 setCallingPackage(original); 445 Trace.traceEnd(TRACE_TAG_DATABASE); 446 } 447 } 448 449 @Override 450 public AssetFileDescriptor openAssetFile( 451 String callingPkg, Uri uri, String mode, ICancellationSignal cancellationSignal) 452 throws FileNotFoundException { 453 uri = validateIncomingUri(uri); 454 uri = maybeGetUriWithoutUserId(uri); 455 enforceFilePermission(callingPkg, uri, mode, null); 456 Trace.traceBegin(TRACE_TAG_DATABASE, "openAssetFile"); 457 final String original = setCallingPackage(callingPkg); 458 try { 459 return mInterface.openAssetFile( 460 uri, mode, CancellationSignal.fromTransport(cancellationSignal)); 461 } catch (RemoteException e) { 462 throw e.rethrowAsRuntimeException(); 463 } finally { 464 setCallingPackage(original); 465 Trace.traceEnd(TRACE_TAG_DATABASE); 466 } 467 } 468 469 @Override 470 public Bundle call(String callingPkg, String authority, String method, @Nullable String arg, 471 @Nullable Bundle extras) { 472 validateIncomingAuthority(authority); 473 Bundle.setDefusable(extras, true); 474 Trace.traceBegin(TRACE_TAG_DATABASE, "call"); 475 final String original = setCallingPackage(callingPkg); 476 try { 477 return mInterface.call(authority, method, arg, extras); 478 } catch (RemoteException e) { 479 throw e.rethrowAsRuntimeException(); 480 } finally { 481 setCallingPackage(original); 482 Trace.traceEnd(TRACE_TAG_DATABASE); 483 } 484 } 485 486 @Override 487 public String[] getStreamTypes(Uri uri, String mimeTypeFilter) { 488 // getCallingPackage() isn't available in getType(), as the javadoc states. 489 uri = validateIncomingUri(uri); 490 uri = maybeGetUriWithoutUserId(uri); 491 Trace.traceBegin(TRACE_TAG_DATABASE, "getStreamTypes"); 492 try { 493 return mInterface.getStreamTypes(uri, mimeTypeFilter); 494 } catch (RemoteException e) { 495 throw e.rethrowAsRuntimeException(); 496 } finally { 497 Trace.traceEnd(TRACE_TAG_DATABASE); 498 } 499 } 500 501 @Override 502 public AssetFileDescriptor openTypedAssetFile(String callingPkg, Uri uri, String mimeType, 503 Bundle opts, ICancellationSignal cancellationSignal) throws FileNotFoundException { 504 Bundle.setDefusable(opts, true); 505 uri = validateIncomingUri(uri); 506 uri = maybeGetUriWithoutUserId(uri); 507 enforceFilePermission(callingPkg, uri, "r", null); 508 Trace.traceBegin(TRACE_TAG_DATABASE, "openTypedAssetFile"); 509 final String original = setCallingPackage(callingPkg); 510 try { 511 return mInterface.openTypedAssetFile( 512 uri, mimeType, opts, CancellationSignal.fromTransport(cancellationSignal)); 513 } catch (RemoteException e) { 514 throw e.rethrowAsRuntimeException(); 515 } finally { 516 setCallingPackage(original); 517 Trace.traceEnd(TRACE_TAG_DATABASE); 518 } 519 } 520 521 @Override 522 public ICancellationSignal createCancellationSignal() { 523 return CancellationSignal.createTransport(); 524 } 525 526 @Override 527 public Uri canonicalize(String callingPkg, Uri uri) { 528 uri = validateIncomingUri(uri); 529 int userId = getUserIdFromUri(uri); 530 uri = getUriWithoutUserId(uri); 531 if (enforceReadPermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) { 532 return null; 533 } 534 Trace.traceBegin(TRACE_TAG_DATABASE, "canonicalize"); 535 final String original = setCallingPackage(callingPkg); 536 try { 537 return maybeAddUserId(mInterface.canonicalize(uri), userId); 538 } catch (RemoteException e) { 539 throw e.rethrowAsRuntimeException(); 540 } finally { 541 setCallingPackage(original); 542 Trace.traceEnd(TRACE_TAG_DATABASE); 543 } 544 } 545 546 @Override 547 public Uri uncanonicalize(String callingPkg, Uri uri) { 548 uri = validateIncomingUri(uri); 549 int userId = getUserIdFromUri(uri); 550 uri = getUriWithoutUserId(uri); 551 if (enforceReadPermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) { 552 return null; 553 } 554 Trace.traceBegin(TRACE_TAG_DATABASE, "uncanonicalize"); 555 final String original = setCallingPackage(callingPkg); 556 try { 557 return maybeAddUserId(mInterface.uncanonicalize(uri), userId); 558 } catch (RemoteException e) { 559 throw e.rethrowAsRuntimeException(); 560 } finally { 561 setCallingPackage(original); 562 Trace.traceEnd(TRACE_TAG_DATABASE); 563 } 564 } 565 566 @Override 567 public boolean refresh(String callingPkg, Uri uri, Bundle args, 568 ICancellationSignal cancellationSignal) throws RemoteException { 569 uri = validateIncomingUri(uri); 570 uri = getUriWithoutUserId(uri); 571 if (enforceReadPermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) { 572 return false; 573 } 574 Trace.traceBegin(TRACE_TAG_DATABASE, "refresh"); 575 final String original = setCallingPackage(callingPkg); 576 try { 577 return mInterface.refresh(uri, args, 578 CancellationSignal.fromTransport(cancellationSignal)); 579 } finally { 580 setCallingPackage(original); 581 Trace.traceEnd(TRACE_TAG_DATABASE); 582 } 583 } 584 585 private void enforceFilePermission(String callingPkg, Uri uri, String mode, 586 IBinder callerToken) throws FileNotFoundException, SecurityException { 587 if (mode != null && mode.indexOf('w') != -1) { 588 if (enforceWritePermission(callingPkg, uri, callerToken) 589 != AppOpsManager.MODE_ALLOWED) { 590 throw new FileNotFoundException("App op not allowed"); 591 } 592 } else { 593 if (enforceReadPermission(callingPkg, uri, callerToken) 594 != AppOpsManager.MODE_ALLOWED) { 595 throw new FileNotFoundException("App op not allowed"); 596 } 597 } 598 } 599 600 private int enforceReadPermission(String callingPkg, Uri uri, IBinder callerToken) 601 throws SecurityException { 602 final int mode = enforceReadPermissionInner(uri, callingPkg, callerToken); 603 if (mode != MODE_ALLOWED) { 604 return mode; 605 } 606 607 return noteProxyOp(callingPkg, mReadOp); 608 } 609 610 private int enforceWritePermission(String callingPkg, Uri uri, IBinder callerToken) 611 throws SecurityException { 612 final int mode = enforceWritePermissionInner(uri, callingPkg, callerToken); 613 if (mode != MODE_ALLOWED) { 614 return mode; 615 } 616 617 return noteProxyOp(callingPkg, mWriteOp); 618 } 619 620 private int noteProxyOp(String callingPkg, int op) { 621 if (op != AppOpsManager.OP_NONE) { 622 int mode = mAppOpsManager.noteProxyOp(op, callingPkg); 623 return mode == MODE_DEFAULT ? MODE_IGNORED : mode; 624 } 625 626 return AppOpsManager.MODE_ALLOWED; 627 } 628 } 629 630 boolean checkUser(int pid, int uid, Context context) { 631 return UserHandle.getUserId(uid) == context.getUserId() 632 || mSingleUser 633 || context.checkPermission(INTERACT_ACROSS_USERS, pid, uid) 634 == PERMISSION_GRANTED; 635 } 636 637 /** 638 * Verify that calling app holds both the given permission and any app-op 639 * associated with that permission. 640 */ 641 private int checkPermissionAndAppOp(String permission, String callingPkg, 642 IBinder callerToken) { 643 if (getContext().checkPermission(permission, Binder.getCallingPid(), Binder.getCallingUid(), 644 callerToken) != PERMISSION_GRANTED) { 645 return MODE_ERRORED; 646 } 647 648 return mTransport.noteProxyOp(callingPkg, AppOpsManager.permissionToOpCode(permission)); 649 } 650 651 /** {@hide} */ 652 protected int enforceReadPermissionInner(Uri uri, String callingPkg, IBinder callerToken) 653 throws SecurityException { 654 final Context context = getContext(); 655 final int pid = Binder.getCallingPid(); 656 final int uid = Binder.getCallingUid(); 657 String missingPerm = null; 658 int strongestMode = MODE_ALLOWED; 659 660 if (UserHandle.isSameApp(uid, mMyUid)) { 661 return MODE_ALLOWED; 662 } 663 664 if (mExported && checkUser(pid, uid, context)) { 665 final String componentPerm = getReadPermission(); 666 if (componentPerm != null) { 667 final int mode = checkPermissionAndAppOp(componentPerm, callingPkg, callerToken); 668 if (mode == MODE_ALLOWED) { 669 return MODE_ALLOWED; 670 } else { 671 missingPerm = componentPerm; 672 strongestMode = Math.max(strongestMode, mode); 673 } 674 } 675 676 // track if unprotected read is allowed; any denied 677 // <path-permission> below removes this ability 678 boolean allowDefaultRead = (componentPerm == null); 679 680 final PathPermission[] pps = getPathPermissions(); 681 if (pps != null) { 682 final String path = uri.getPath(); 683 for (PathPermission pp : pps) { 684 final String pathPerm = pp.getReadPermission(); 685 if (pathPerm != null && pp.match(path)) { 686 final int mode = checkPermissionAndAppOp(pathPerm, callingPkg, callerToken); 687 if (mode == MODE_ALLOWED) { 688 return MODE_ALLOWED; 689 } else { 690 // any denied <path-permission> means we lose 691 // default <provider> access. 692 allowDefaultRead = false; 693 missingPerm = pathPerm; 694 strongestMode = Math.max(strongestMode, mode); 695 } 696 } 697 } 698 } 699 700 // if we passed <path-permission> checks above, and no default 701 // <provider> permission, then allow access. 702 if (allowDefaultRead) return MODE_ALLOWED; 703 } 704 705 // last chance, check against any uri grants 706 final int callingUserId = UserHandle.getUserId(uid); 707 final Uri userUri = (mSingleUser && !UserHandle.isSameUser(mMyUid, uid)) 708 ? maybeAddUserId(uri, callingUserId) : uri; 709 if (context.checkUriPermission(userUri, pid, uid, Intent.FLAG_GRANT_READ_URI_PERMISSION, 710 callerToken) == PERMISSION_GRANTED) { 711 return MODE_ALLOWED; 712 } 713 714 // If the worst denial we found above was ignored, then pass that 715 // ignored through; otherwise we assume it should be a real error below. 716 if (strongestMode == MODE_IGNORED) { 717 return MODE_IGNORED; 718 } 719 720 final String suffix; 721 if (android.Manifest.permission.MANAGE_DOCUMENTS.equals(mReadPermission)) { 722 suffix = " requires that you obtain access using ACTION_OPEN_DOCUMENT or related APIs"; 723 } else if (mExported) { 724 suffix = " requires " + missingPerm + ", or grantUriPermission()"; 725 } else { 726 suffix = " requires the provider be exported, or grantUriPermission()"; 727 } 728 throw new SecurityException("Permission Denial: reading " 729 + ContentProvider.this.getClass().getName() + " uri " + uri + " from pid=" + pid 730 + ", uid=" + uid + suffix); 731 } 732 733 /** {@hide} */ 734 protected int enforceWritePermissionInner(Uri uri, String callingPkg, IBinder callerToken) 735 throws SecurityException { 736 final Context context = getContext(); 737 final int pid = Binder.getCallingPid(); 738 final int uid = Binder.getCallingUid(); 739 String missingPerm = null; 740 int strongestMode = MODE_ALLOWED; 741 742 if (UserHandle.isSameApp(uid, mMyUid)) { 743 return MODE_ALLOWED; 744 } 745 746 if (mExported && checkUser(pid, uid, context)) { 747 final String componentPerm = getWritePermission(); 748 if (componentPerm != null) { 749 final int mode = checkPermissionAndAppOp(componentPerm, callingPkg, callerToken); 750 if (mode == MODE_ALLOWED) { 751 return MODE_ALLOWED; 752 } else { 753 missingPerm = componentPerm; 754 strongestMode = Math.max(strongestMode, mode); 755 } 756 } 757 758 // track if unprotected write is allowed; any denied 759 // <path-permission> below removes this ability 760 boolean allowDefaultWrite = (componentPerm == null); 761 762 final PathPermission[] pps = getPathPermissions(); 763 if (pps != null) { 764 final String path = uri.getPath(); 765 for (PathPermission pp : pps) { 766 final String pathPerm = pp.getWritePermission(); 767 if (pathPerm != null && pp.match(path)) { 768 final int mode = checkPermissionAndAppOp(pathPerm, callingPkg, callerToken); 769 if (mode == MODE_ALLOWED) { 770 return MODE_ALLOWED; 771 } else { 772 // any denied <path-permission> means we lose 773 // default <provider> access. 774 allowDefaultWrite = false; 775 missingPerm = pathPerm; 776 strongestMode = Math.max(strongestMode, mode); 777 } 778 } 779 } 780 } 781 782 // if we passed <path-permission> checks above, and no default 783 // <provider> permission, then allow access. 784 if (allowDefaultWrite) return MODE_ALLOWED; 785 } 786 787 // last chance, check against any uri grants 788 if (context.checkUriPermission(uri, pid, uid, Intent.FLAG_GRANT_WRITE_URI_PERMISSION, 789 callerToken) == PERMISSION_GRANTED) { 790 return MODE_ALLOWED; 791 } 792 793 // If the worst denial we found above was ignored, then pass that 794 // ignored through; otherwise we assume it should be a real error below. 795 if (strongestMode == MODE_IGNORED) { 796 return MODE_IGNORED; 797 } 798 799 final String failReason = mExported 800 ? " requires " + missingPerm + ", or grantUriPermission()" 801 : " requires the provider be exported, or grantUriPermission()"; 802 throw new SecurityException("Permission Denial: writing " 803 + ContentProvider.this.getClass().getName() + " uri " + uri + " from pid=" + pid 804 + ", uid=" + uid + failReason); 805 } 806 807 /** 808 * Retrieves the Context this provider is running in. Only available once 809 * {@link #onCreate} has been called -- this will return {@code null} in the 810 * constructor. 811 */ 812 public final @Nullable Context getContext() { 813 return mContext; 814 } 815 816 /** 817 * Set the calling package, returning the current value (or {@code null}) 818 * which can be used later to restore the previous state. 819 */ 820 private String setCallingPackage(String callingPackage) { 821 final String original = mCallingPackage.get(); 822 mCallingPackage.set(callingPackage); 823 onCallingPackageChanged(); 824 return original; 825 } 826 827 /** 828 * Return the package name of the caller that initiated the request being 829 * processed on the current thread. The returned package will have been 830 * verified to belong to the calling UID. Returns {@code null} if not 831 * currently processing a request. 832 * <p> 833 * This will always return {@code null} when processing 834 * {@link #getType(Uri)} or {@link #getStreamTypes(Uri, String)} requests. 835 * 836 * @see Binder#getCallingUid() 837 * @see Context#grantUriPermission(String, Uri, int) 838 * @throws SecurityException if the calling package doesn't belong to the 839 * calling UID. 840 */ 841 public final @Nullable String getCallingPackage() { 842 final String pkg = mCallingPackage.get(); 843 if (pkg != null) { 844 mTransport.mAppOpsManager.checkPackage(Binder.getCallingUid(), pkg); 845 } 846 return pkg; 847 } 848 849 /** {@hide} */ 850 public final @Nullable String getCallingPackageUnchecked() { 851 return mCallingPackage.get(); 852 } 853 854 /** {@hide} */ 855 public void onCallingPackageChanged() { 856 } 857 858 /** 859 * Opaque token representing the identity of an incoming IPC. 860 */ 861 public final class CallingIdentity { 862 /** {@hide} */ 863 public final long binderToken; 864 /** {@hide} */ 865 public final String callingPackage; 866 867 /** {@hide} */ 868 public CallingIdentity(long binderToken, String callingPackage) { 869 this.binderToken = binderToken; 870 this.callingPackage = callingPackage; 871 } 872 } 873 874 /** 875 * Reset the identity of the incoming IPC on the current thread. 876 * <p> 877 * Internally this calls {@link Binder#clearCallingIdentity()} and also 878 * clears any value stored in {@link #getCallingPackage()}. 879 * 880 * @return Returns an opaque token that can be used to restore the original 881 * calling identity by passing it to 882 * {@link #restoreCallingIdentity}. 883 */ 884 public final @NonNull CallingIdentity clearCallingIdentity() { 885 return new CallingIdentity(Binder.clearCallingIdentity(), setCallingPackage(null)); 886 } 887 888 /** 889 * Restore the identity of the incoming IPC on the current thread back to a 890 * previously identity that was returned by {@link #clearCallingIdentity}. 891 * <p> 892 * Internally this calls {@link Binder#restoreCallingIdentity(long)} and 893 * also restores any value stored in {@link #getCallingPackage()}. 894 */ 895 public final void restoreCallingIdentity(@NonNull CallingIdentity identity) { 896 Binder.restoreCallingIdentity(identity.binderToken); 897 mCallingPackage.set(identity.callingPackage); 898 } 899 900 /** 901 * Change the authorities of the ContentProvider. 902 * This is normally set for you from its manifest information when the provider is first 903 * created. 904 * @hide 905 * @param authorities the semi-colon separated authorities of the ContentProvider. 906 */ 907 protected final void setAuthorities(String authorities) { 908 if (authorities != null) { 909 if (authorities.indexOf(';') == -1) { 910 mAuthority = authorities; 911 mAuthorities = null; 912 } else { 913 mAuthority = null; 914 mAuthorities = authorities.split(";"); 915 } 916 } 917 } 918 919 /** @hide */ 920 protected final boolean matchesOurAuthorities(String authority) { 921 if (mAuthority != null) { 922 return mAuthority.equals(authority); 923 } 924 if (mAuthorities != null) { 925 int length = mAuthorities.length; 926 for (int i = 0; i < length; i++) { 927 if (mAuthorities[i].equals(authority)) return true; 928 } 929 } 930 return false; 931 } 932 933 934 /** 935 * Change the permission required to read data from the content 936 * provider. This is normally set for you from its manifest information 937 * when the provider is first created. 938 * 939 * @param permission Name of the permission required for read-only access. 940 */ 941 protected final void setReadPermission(@Nullable String permission) { 942 mReadPermission = permission; 943 } 944 945 /** 946 * Return the name of the permission required for read-only access to 947 * this content provider. This method can be called from multiple 948 * threads, as described in 949 * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes 950 * and Threads</a>. 951 */ 952 public final @Nullable String getReadPermission() { 953 return mReadPermission; 954 } 955 956 /** 957 * Change the permission required to read and write data in the content 958 * provider. This is normally set for you from its manifest information 959 * when the provider is first created. 960 * 961 * @param permission Name of the permission required for read/write access. 962 */ 963 protected final void setWritePermission(@Nullable String permission) { 964 mWritePermission = permission; 965 } 966 967 /** 968 * Return the name of the permission required for read/write access to 969 * this content provider. This method can be called from multiple 970 * threads, as described in 971 * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes 972 * and Threads</a>. 973 */ 974 public final @Nullable String getWritePermission() { 975 return mWritePermission; 976 } 977 978 /** 979 * Change the path-based permission required to read and/or write data in 980 * the content provider. This is normally set for you from its manifest 981 * information when the provider is first created. 982 * 983 * @param permissions Array of path permission descriptions. 984 */ 985 protected final void setPathPermissions(@Nullable PathPermission[] permissions) { 986 mPathPermissions = permissions; 987 } 988 989 /** 990 * Return the path-based permissions required for read and/or write access to 991 * this content provider. This method can be called from multiple 992 * threads, as described in 993 * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes 994 * and Threads</a>. 995 */ 996 public final @Nullable PathPermission[] getPathPermissions() { 997 return mPathPermissions; 998 } 999 1000 /** @hide */ 1001 @UnsupportedAppUsage 1002 public final void setAppOps(int readOp, int writeOp) { 1003 if (!mNoPerms) { 1004 mTransport.mReadOp = readOp; 1005 mTransport.mWriteOp = writeOp; 1006 } 1007 } 1008 1009 /** @hide */ 1010 public AppOpsManager getAppOpsManager() { 1011 return mTransport.mAppOpsManager; 1012 } 1013 1014 /** @hide */ 1015 public final void setTransportLoggingEnabled(boolean enabled) { 1016 if (enabled) { 1017 mTransport.mInterface = new LoggingContentInterface(getClass().getSimpleName(), this); 1018 } else { 1019 mTransport.mInterface = this; 1020 } 1021 } 1022 1023 /** 1024 * Implement this to initialize your content provider on startup. 1025 * This method is called for all registered content providers on the 1026 * application main thread at application launch time. It must not perform 1027 * lengthy operations, or application startup will be delayed. 1028 * 1029 * <p>You should defer nontrivial initialization (such as opening, 1030 * upgrading, and scanning databases) until the content provider is used 1031 * (via {@link #query}, {@link #insert}, etc). Deferred initialization 1032 * keeps application startup fast, avoids unnecessary work if the provider 1033 * turns out not to be needed, and stops database errors (such as a full 1034 * disk) from halting application launch. 1035 * 1036 * <p>If you use SQLite, {@link android.database.sqlite.SQLiteOpenHelper} 1037 * is a helpful utility class that makes it easy to manage databases, 1038 * and will automatically defer opening until first use. If you do use 1039 * SQLiteOpenHelper, make sure to avoid calling 1040 * {@link android.database.sqlite.SQLiteOpenHelper#getReadableDatabase} or 1041 * {@link android.database.sqlite.SQLiteOpenHelper#getWritableDatabase} 1042 * from this method. (Instead, override 1043 * {@link android.database.sqlite.SQLiteOpenHelper#onOpen} to initialize the 1044 * database when it is first opened.) 1045 * 1046 * @return true if the provider was successfully loaded, false otherwise 1047 */ 1048 public abstract boolean onCreate(); 1049 1050 /** 1051 * {@inheritDoc} 1052 * This method is always called on the application main thread, and must 1053 * not perform lengthy operations. 1054 * 1055 * <p>The default content provider implementation does nothing. 1056 * Override this method to take appropriate action. 1057 * (Content providers do not usually care about things like screen 1058 * orientation, but may want to know about locale changes.) 1059 */ 1060 @Override 1061 public void onConfigurationChanged(Configuration newConfig) { 1062 } 1063 1064 /** 1065 * {@inheritDoc} 1066 * This method is always called on the application main thread, and must 1067 * not perform lengthy operations. 1068 * 1069 * <p>The default content provider implementation does nothing. 1070 * Subclasses may override this method to take appropriate action. 1071 */ 1072 @Override 1073 public void onLowMemory() { 1074 } 1075 1076 @Override 1077 public void onTrimMemory(int level) { 1078 } 1079 1080 /** 1081 * Implement this to handle query requests from clients. 1082 * 1083 * <p>Apps targeting {@link android.os.Build.VERSION_CODES#O} or higher should override 1084 * {@link #query(Uri, String[], Bundle, CancellationSignal)} and provide a stub 1085 * implementation of this method. 1086 * 1087 * <p>This method can be called from multiple threads, as described in 1088 * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes 1089 * and Threads</a>. 1090 * <p> 1091 * Example client call:<p> 1092 * <pre>// Request a specific record. 1093 * Cursor managedCursor = managedQuery( 1094 ContentUris.withAppendedId(Contacts.People.CONTENT_URI, 2), 1095 projection, // Which columns to return. 1096 null, // WHERE clause. 1097 null, // WHERE clause value substitution 1098 People.NAME + " ASC"); // Sort order.</pre> 1099 * Example implementation:<p> 1100 * <pre>// SQLiteQueryBuilder is a helper class that creates the 1101 // proper SQL syntax for us. 1102 SQLiteQueryBuilder qBuilder = new SQLiteQueryBuilder(); 1103 1104 // Set the table we're querying. 1105 qBuilder.setTables(DATABASE_TABLE_NAME); 1106 1107 // If the query ends in a specific record number, we're 1108 // being asked for a specific record, so set the 1109 // WHERE clause in our query. 1110 if((URI_MATCHER.match(uri)) == SPECIFIC_MESSAGE){ 1111 qBuilder.appendWhere("_id=" + uri.getPathLeafId()); 1112 } 1113 1114 // Make the query. 1115 Cursor c = qBuilder.query(mDb, 1116 projection, 1117 selection, 1118 selectionArgs, 1119 groupBy, 1120 having, 1121 sortOrder); 1122 c.setNotificationUri(getContext().getContentResolver(), uri); 1123 return c;</pre> 1124 * 1125 * @param uri The URI to query. This will be the full URI sent by the client; 1126 * if the client is requesting a specific record, the URI will end in a record number 1127 * that the implementation should parse and add to a WHERE or HAVING clause, specifying 1128 * that _id value. 1129 * @param projection The list of columns to put into the cursor. If 1130 * {@code null} all columns are included. 1131 * @param selection A selection criteria to apply when filtering rows. 1132 * If {@code null} then all rows are included. 1133 * @param selectionArgs You may include ?s in selection, which will be replaced by 1134 * the values from selectionArgs, in order that they appear in the selection. 1135 * The values will be bound as Strings. 1136 * @param sortOrder How the rows in the cursor should be sorted. 1137 * If {@code null} then the provider is free to define the sort order. 1138 * @return a Cursor or {@code null}. 1139 */ 1140 public abstract @Nullable Cursor query(@NonNull Uri uri, @Nullable String[] projection, 1141 @Nullable String selection, @Nullable String[] selectionArgs, 1142 @Nullable String sortOrder); 1143 1144 /** 1145 * Implement this to handle query requests from clients with support for cancellation. 1146 * 1147 * <p>Apps targeting {@link android.os.Build.VERSION_CODES#O} or higher should override 1148 * {@link #query(Uri, String[], Bundle, CancellationSignal)} instead of this method. 1149 * 1150 * <p>This method can be called from multiple threads, as described in 1151 * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes 1152 * and Threads</a>. 1153 * <p> 1154 * Example client call:<p> 1155 * <pre>// Request a specific record. 1156 * Cursor managedCursor = managedQuery( 1157 ContentUris.withAppendedId(Contacts.People.CONTENT_URI, 2), 1158 projection, // Which columns to return. 1159 null, // WHERE clause. 1160 null, // WHERE clause value substitution 1161 People.NAME + " ASC"); // Sort order.</pre> 1162 * Example implementation:<p> 1163 * <pre>// SQLiteQueryBuilder is a helper class that creates the 1164 // proper SQL syntax for us. 1165 SQLiteQueryBuilder qBuilder = new SQLiteQueryBuilder(); 1166 1167 // Set the table we're querying. 1168 qBuilder.setTables(DATABASE_TABLE_NAME); 1169 1170 // If the query ends in a specific record number, we're 1171 // being asked for a specific record, so set the 1172 // WHERE clause in our query. 1173 if((URI_MATCHER.match(uri)) == SPECIFIC_MESSAGE){ 1174 qBuilder.appendWhere("_id=" + uri.getPathLeafId()); 1175 } 1176 1177 // Make the query. 1178 Cursor c = qBuilder.query(mDb, 1179 projection, 1180 selection, 1181 selectionArgs, 1182 groupBy, 1183 having, 1184 sortOrder); 1185 c.setNotificationUri(getContext().getContentResolver(), uri); 1186 return c;</pre> 1187 * <p> 1188 * If you implement this method then you must also implement the version of 1189 * {@link #query(Uri, String[], String, String[], String)} that does not take a cancellation 1190 * signal to ensure correct operation on older versions of the Android Framework in 1191 * which the cancellation signal overload was not available. 1192 * 1193 * @param uri The URI to query. This will be the full URI sent by the client; 1194 * if the client is requesting a specific record, the URI will end in a record number 1195 * that the implementation should parse and add to a WHERE or HAVING clause, specifying 1196 * that _id value. 1197 * @param projection The list of columns to put into the cursor. If 1198 * {@code null} all columns are included. 1199 * @param selection A selection criteria to apply when filtering rows. 1200 * If {@code null} then all rows are included. 1201 * @param selectionArgs You may include ?s in selection, which will be replaced by 1202 * the values from selectionArgs, in order that they appear in the selection. 1203 * The values will be bound as Strings. 1204 * @param sortOrder How the rows in the cursor should be sorted. 1205 * If {@code null} then the provider is free to define the sort order. 1206 * @param cancellationSignal A signal to cancel the operation in progress, or {@code null} if none. 1207 * If the operation is canceled, then {@link android.os.OperationCanceledException} will be thrown 1208 * when the query is executed. 1209 * @return a Cursor or {@code null}. 1210 */ 1211 public @Nullable Cursor query(@NonNull Uri uri, @Nullable String[] projection, 1212 @Nullable String selection, @Nullable String[] selectionArgs, 1213 @Nullable String sortOrder, @Nullable CancellationSignal cancellationSignal) { 1214 return query(uri, projection, selection, selectionArgs, sortOrder); 1215 } 1216 1217 /** 1218 * Implement this to handle query requests where the arguments are packed into a {@link Bundle}. 1219 * Arguments may include traditional SQL style query arguments. When present these 1220 * should be handled according to the contract established in 1221 * {@link #query(Uri, String[], String, String[], String, CancellationSignal)}. 1222 * 1223 * <p>Traditional SQL arguments can be found in the bundle using the following keys: 1224 * <li>{@link android.content.ContentResolver#QUERY_ARG_SQL_SELECTION} 1225 * <li>{@link android.content.ContentResolver#QUERY_ARG_SQL_SELECTION_ARGS} 1226 * <li>{@link android.content.ContentResolver#QUERY_ARG_SQL_SORT_ORDER} 1227 * 1228 * <p>This method can be called from multiple threads, as described in 1229 * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes 1230 * and Threads</a>. 1231 * 1232 * <p> 1233 * Example client call:<p> 1234 * <pre>// Request 20 records starting at row index 30. 1235 Bundle queryArgs = new Bundle(); 1236 queryArgs.putInt(ContentResolver.QUERY_ARG_OFFSET, 30); 1237 queryArgs.putInt(ContentResolver.QUERY_ARG_LIMIT, 20); 1238 1239 Cursor cursor = getContentResolver().query( 1240 contentUri, // Content Uri is specific to individual content providers. 1241 projection, // String[] describing which columns to return. 1242 queryArgs, // Query arguments. 1243 null); // Cancellation signal.</pre> 1244 * 1245 * Example implementation:<p> 1246 * <pre> 1247 1248 int recordsetSize = 0x1000; // Actual value is implementation specific. 1249 queryArgs = queryArgs != null ? queryArgs : Bundle.EMPTY; // ensure queryArgs is non-null 1250 1251 int offset = queryArgs.getInt(ContentResolver.QUERY_ARG_OFFSET, 0); 1252 int limit = queryArgs.getInt(ContentResolver.QUERY_ARG_LIMIT, Integer.MIN_VALUE); 1253 1254 MatrixCursor c = new MatrixCursor(PROJECTION, limit); 1255 1256 // Calculate the number of items to include in the cursor. 1257 int numItems = MathUtils.constrain(recordsetSize - offset, 0, limit); 1258 1259 // Build the paged result set.... 1260 for (int i = offset; i < offset + numItems; i++) { 1261 // populate row from your data. 1262 } 1263 1264 Bundle extras = new Bundle(); 1265 c.setExtras(extras); 1266 1267 // Any QUERY_ARG_* key may be included if honored. 1268 // In an actual implementation, include only keys that are both present in queryArgs 1269 // and reflected in the Cursor output. For example, if QUERY_ARG_OFFSET were included 1270 // in queryArgs, but was ignored because it contained an invalid value (like 273), 1271 // then QUERY_ARG_OFFSET should be omitted. 1272 extras.putStringArray(ContentResolver.EXTRA_HONORED_ARGS, new String[] { 1273 ContentResolver.QUERY_ARG_OFFSET, 1274 ContentResolver.QUERY_ARG_LIMIT 1275 }); 1276 1277 extras.putInt(ContentResolver.EXTRA_TOTAL_COUNT, recordsetSize); 1278 1279 cursor.setNotificationUri(getContext().getContentResolver(), uri); 1280 1281 return cursor;</pre> 1282 * <p> 1283 * See {@link #query(Uri, String[], String, String[], String, CancellationSignal)} 1284 * for implementation details. 1285 * 1286 * @param uri The URI to query. This will be the full URI sent by the client. 1287 * @param projection The list of columns to put into the cursor. 1288 * If {@code null} provide a default set of columns. 1289 * @param queryArgs A Bundle containing all additional information necessary for the query. 1290 * Values in the Bundle may include SQL style arguments. 1291 * @param cancellationSignal A signal to cancel the operation in progress, 1292 * or {@code null}. 1293 * @return a Cursor or {@code null}. 1294 */ 1295 @Override 1296 public @Nullable Cursor query(@NonNull Uri uri, @Nullable String[] projection, 1297 @Nullable Bundle queryArgs, @Nullable CancellationSignal cancellationSignal) { 1298 queryArgs = queryArgs != null ? queryArgs : Bundle.EMPTY; 1299 1300 // if client doesn't supply an SQL sort order argument, attempt to build one from 1301 // QUERY_ARG_SORT* arguments. 1302 String sortClause = queryArgs.getString(ContentResolver.QUERY_ARG_SQL_SORT_ORDER); 1303 if (sortClause == null && queryArgs.containsKey(ContentResolver.QUERY_ARG_SORT_COLUMNS)) { 1304 sortClause = ContentResolver.createSqlSortClause(queryArgs); 1305 } 1306 1307 return query( 1308 uri, 1309 projection, 1310 queryArgs.getString(ContentResolver.QUERY_ARG_SQL_SELECTION), 1311 queryArgs.getStringArray(ContentResolver.QUERY_ARG_SQL_SELECTION_ARGS), 1312 sortClause, 1313 cancellationSignal); 1314 } 1315 1316 /** 1317 * Implement this to handle requests for the MIME type of the data at the 1318 * given URI. The returned MIME type should start with 1319 * <code>vnd.android.cursor.item</code> for a single record, 1320 * or <code>vnd.android.cursor.dir/</code> for multiple items. 1321 * This method can be called from multiple threads, as described in 1322 * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes 1323 * and Threads</a>. 1324 * 1325 * <p>Note that there are no permissions needed for an application to 1326 * access this information; if your content provider requires read and/or 1327 * write permissions, or is not exported, all applications can still call 1328 * this method regardless of their access permissions. This allows them 1329 * to retrieve the MIME type for a URI when dispatching intents. 1330 * 1331 * @param uri the URI to query. 1332 * @return a MIME type string, or {@code null} if there is no type. 1333 */ 1334 @Override 1335 public abstract @Nullable String getType(@NonNull Uri uri); 1336 1337 /** 1338 * Implement this to support canonicalization of URIs that refer to your 1339 * content provider. A canonical URI is one that can be transported across 1340 * devices, backup/restore, and other contexts, and still be able to refer 1341 * to the same data item. Typically this is implemented by adding query 1342 * params to the URI allowing the content provider to verify that an incoming 1343 * canonical URI references the same data as it was originally intended for and, 1344 * if it doesn't, to find that data (if it exists) in the current environment. 1345 * 1346 * <p>For example, if the content provider holds people and a normal URI in it 1347 * is created with a row index into that people database, the cananical representation 1348 * may have an additional query param at the end which specifies the name of the 1349 * person it is intended for. Later calls into the provider with that URI will look 1350 * up the row of that URI's base index and, if it doesn't match or its entry's 1351 * name doesn't match the name in the query param, perform a query on its database 1352 * to find the correct row to operate on.</p> 1353 * 1354 * <p>If you implement support for canonical URIs, <b>all</b> incoming calls with 1355 * URIs (including this one) must perform this verification and recovery of any 1356 * canonical URIs they receive. In addition, you must also implement 1357 * {@link #uncanonicalize} to strip the canonicalization of any of these URIs.</p> 1358 * 1359 * <p>The default implementation of this method returns null, indicating that 1360 * canonical URIs are not supported.</p> 1361 * 1362 * @param url The Uri to canonicalize. 1363 * 1364 * @return Return the canonical representation of <var>url</var>, or null if 1365 * canonicalization of that Uri is not supported. 1366 */ 1367 @Override 1368 public @Nullable Uri canonicalize(@NonNull Uri url) { 1369 return null; 1370 } 1371 1372 /** 1373 * Remove canonicalization from canonical URIs previously returned by 1374 * {@link #canonicalize}. For example, if your implementation is to add 1375 * a query param to canonicalize a URI, this method can simply trip any 1376 * query params on the URI. The default implementation always returns the 1377 * same <var>url</var> that was passed in. 1378 * 1379 * @param url The Uri to remove any canonicalization from. 1380 * 1381 * @return Return the non-canonical representation of <var>url</var>, return 1382 * the <var>url</var> as-is if there is nothing to do, or return null if 1383 * the data identified by the canonical representation can not be found in 1384 * the current environment. 1385 */ 1386 @Override 1387 public @Nullable Uri uncanonicalize(@NonNull Uri url) { 1388 return url; 1389 } 1390 1391 /** 1392 * Implement this to support refresh of content identified by {@code uri}. By default, this 1393 * method returns false; providers who wish to implement this should return true to signal the 1394 * client that the provider has tried refreshing with its own implementation. 1395 * <p> 1396 * This allows clients to request an explicit refresh of content identified by {@code uri}. 1397 * <p> 1398 * Client code should only invoke this method when there is a strong indication (such as a user 1399 * initiated pull to refresh gesture) that the content is stale. 1400 * <p> 1401 * Remember to send {@link ContentResolver#notifyChange(Uri, android.database.ContentObserver)} 1402 * notifications when content changes. 1403 * 1404 * @param uri The Uri identifying the data to refresh. 1405 * @param args Additional options from the client. The definitions of these are specific to the 1406 * content provider being called. 1407 * @param cancellationSignal A signal to cancel the operation in progress, or {@code null} if 1408 * none. For example, if you called refresh on a particular uri, you should call 1409 * {@link CancellationSignal#throwIfCanceled()} to check whether the client has 1410 * canceled the refresh request. 1411 * @return true if the provider actually tried refreshing. 1412 */ 1413 @Override 1414 public boolean refresh(Uri uri, @Nullable Bundle args, 1415 @Nullable CancellationSignal cancellationSignal) { 1416 return false; 1417 } 1418 1419 /** 1420 * @hide 1421 * Implementation when a caller has performed an insert on the content 1422 * provider, but that call has been rejected for the operation given 1423 * to {@link #setAppOps(int, int)}. The default implementation simply 1424 * returns a dummy URI that is the base URI with a 0 path element 1425 * appended. 1426 */ 1427 public Uri rejectInsert(Uri uri, ContentValues values) { 1428 // If not allowed, we need to return some reasonable URI. Maybe the 1429 // content provider should be responsible for this, but for now we 1430 // will just return the base URI with a dummy '0' tagged on to it. 1431 // You shouldn't be able to read if you can't write, anyway, so it 1432 // shouldn't matter much what is returned. 1433 return uri.buildUpon().appendPath("0").build(); 1434 } 1435 1436 /** 1437 * Implement this to handle requests to insert a new row. 1438 * As a courtesy, call {@link ContentResolver#notifyChange(android.net.Uri ,android.database.ContentObserver) notifyChange()} 1439 * after inserting. 1440 * This method can be called from multiple threads, as described in 1441 * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes 1442 * and Threads</a>. 1443 * @param uri The content:// URI of the insertion request. This must not be {@code null}. 1444 * @param values A set of column_name/value pairs to add to the database. 1445 * This must not be {@code null}. 1446 * @return The URI for the newly inserted item. 1447 */ 1448 @Override 1449 public abstract @Nullable Uri insert(@NonNull Uri uri, @Nullable ContentValues values); 1450 1451 /** 1452 * Override this to handle requests to insert a set of new rows, or the 1453 * default implementation will iterate over the values and call 1454 * {@link #insert} on each of them. 1455 * As a courtesy, call {@link ContentResolver#notifyChange(android.net.Uri ,android.database.ContentObserver) notifyChange()} 1456 * after inserting. 1457 * This method can be called from multiple threads, as described in 1458 * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes 1459 * and Threads</a>. 1460 * 1461 * @param uri The content:// URI of the insertion request. 1462 * @param values An array of sets of column_name/value pairs to add to the database. 1463 * This must not be {@code null}. 1464 * @return The number of values that were inserted. 1465 */ 1466 @Override 1467 public int bulkInsert(@NonNull Uri uri, @NonNull ContentValues[] values) { 1468 int numValues = values.length; 1469 for (int i = 0; i < numValues; i++) { 1470 insert(uri, values[i]); 1471 } 1472 return numValues; 1473 } 1474 1475 /** 1476 * Implement this to handle requests to delete one or more rows. 1477 * The implementation should apply the selection clause when performing 1478 * deletion, allowing the operation to affect multiple rows in a directory. 1479 * As a courtesy, call {@link ContentResolver#notifyChange(android.net.Uri ,android.database.ContentObserver) notifyChange()} 1480 * after deleting. 1481 * This method can be called from multiple threads, as described in 1482 * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes 1483 * and Threads</a>. 1484 * 1485 * <p>The implementation is responsible for parsing out a row ID at the end 1486 * of the URI, if a specific row is being deleted. That is, the client would 1487 * pass in <code>content://contacts/people/22</code> and the implementation is 1488 * responsible for parsing the record number (22) when creating a SQL statement. 1489 * 1490 * @param uri The full URI to query, including a row ID (if a specific record is requested). 1491 * @param selection An optional restriction to apply to rows when deleting. 1492 * @return The number of rows affected. 1493 * @throws SQLException 1494 */ 1495 @Override 1496 public abstract int delete(@NonNull Uri uri, @Nullable String selection, 1497 @Nullable String[] selectionArgs); 1498 1499 /** 1500 * Implement this to handle requests to update one or more rows. 1501 * The implementation should update all rows matching the selection 1502 * to set the columns according to the provided values map. 1503 * As a courtesy, call {@link ContentResolver#notifyChange(android.net.Uri ,android.database.ContentObserver) notifyChange()} 1504 * after updating. 1505 * This method can be called from multiple threads, as described in 1506 * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes 1507 * and Threads</a>. 1508 * 1509 * @param uri The URI to query. This can potentially have a record ID if this 1510 * is an update request for a specific record. 1511 * @param values A set of column_name/value pairs to update in the database. 1512 * This must not be {@code null}. 1513 * @param selection An optional filter to match rows to update. 1514 * @return the number of rows affected. 1515 */ 1516 @Override 1517 public abstract int update(@NonNull Uri uri, @Nullable ContentValues values, 1518 @Nullable String selection, @Nullable String[] selectionArgs); 1519 1520 /** 1521 * Override this to handle requests to open a file blob. 1522 * The default implementation always throws {@link FileNotFoundException}. 1523 * This method can be called from multiple threads, as described in 1524 * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes 1525 * and Threads</a>. 1526 * 1527 * <p>This method returns a ParcelFileDescriptor, which is returned directly 1528 * to the caller. This way large data (such as images and documents) can be 1529 * returned without copying the content. 1530 * 1531 * <p>The returned ParcelFileDescriptor is owned by the caller, so it is 1532 * their responsibility to close it when done. That is, the implementation 1533 * of this method should create a new ParcelFileDescriptor for each call. 1534 * <p> 1535 * If opened with the exclusive "r" or "w" modes, the returned 1536 * ParcelFileDescriptor can be a pipe or socket pair to enable streaming 1537 * of data. Opening with the "rw" or "rwt" modes implies a file on disk that 1538 * supports seeking. 1539 * <p> 1540 * If you need to detect when the returned ParcelFileDescriptor has been 1541 * closed, or if the remote process has crashed or encountered some other 1542 * error, you can use {@link ParcelFileDescriptor#open(File, int, 1543 * android.os.Handler, android.os.ParcelFileDescriptor.OnCloseListener)}, 1544 * {@link ParcelFileDescriptor#createReliablePipe()}, or 1545 * {@link ParcelFileDescriptor#createReliableSocketPair()}. 1546 * <p> 1547 * If you need to return a large file that isn't backed by a real file on 1548 * disk, such as a file on a network share or cloud storage service, 1549 * consider using 1550 * {@link StorageManager#openProxyFileDescriptor(int, android.os.ProxyFileDescriptorCallback, android.os.Handler)} 1551 * which will let you to stream the content on-demand. 1552 * 1553 * <p class="note">For use in Intents, you will want to implement {@link #getType} 1554 * to return the appropriate MIME type for the data returned here with 1555 * the same URI. This will allow intent resolution to automatically determine the data MIME 1556 * type and select the appropriate matching targets as part of its operation.</p> 1557 * 1558 * <p class="note">For better interoperability with other applications, it is recommended 1559 * that for any URIs that can be opened, you also support queries on them 1560 * containing at least the columns specified by {@link android.provider.OpenableColumns}. 1561 * You may also want to support other common columns if you have additional meta-data 1562 * to supply, such as {@link android.provider.MediaStore.MediaColumns#DATE_ADDED} 1563 * in {@link android.provider.MediaStore.MediaColumns}.</p> 1564 * 1565 * @param uri The URI whose file is to be opened. 1566 * @param mode Access mode for the file. May be "r" for read-only access, 1567 * "rw" for read and write access, or "rwt" for read and write access 1568 * that truncates any existing file. 1569 * 1570 * @return Returns a new ParcelFileDescriptor which you can use to access 1571 * the file. 1572 * 1573 * @throws FileNotFoundException Throws FileNotFoundException if there is 1574 * no file associated with the given URI or the mode is invalid. 1575 * @throws SecurityException Throws SecurityException if the caller does 1576 * not have permission to access the file. 1577 * 1578 * @see #openAssetFile(Uri, String) 1579 * @see #openFileHelper(Uri, String) 1580 * @see #getType(android.net.Uri) 1581 * @see ParcelFileDescriptor#parseMode(String) 1582 */ 1583 public @Nullable ParcelFileDescriptor openFile(@NonNull Uri uri, @NonNull String mode) 1584 throws FileNotFoundException { 1585 throw new FileNotFoundException("No files supported by provider at " 1586 + uri); 1587 } 1588 1589 /** 1590 * Override this to handle requests to open a file blob. 1591 * The default implementation always throws {@link FileNotFoundException}. 1592 * This method can be called from multiple threads, as described in 1593 * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes 1594 * and Threads</a>. 1595 * 1596 * <p>This method returns a ParcelFileDescriptor, which is returned directly 1597 * to the caller. This way large data (such as images and documents) can be 1598 * returned without copying the content. 1599 * 1600 * <p>The returned ParcelFileDescriptor is owned by the caller, so it is 1601 * their responsibility to close it when done. That is, the implementation 1602 * of this method should create a new ParcelFileDescriptor for each call. 1603 * <p> 1604 * If opened with the exclusive "r" or "w" modes, the returned 1605 * ParcelFileDescriptor can be a pipe or socket pair to enable streaming 1606 * of data. Opening with the "rw" or "rwt" modes implies a file on disk that 1607 * supports seeking. 1608 * <p> 1609 * If you need to detect when the returned ParcelFileDescriptor has been 1610 * closed, or if the remote process has crashed or encountered some other 1611 * error, you can use {@link ParcelFileDescriptor#open(File, int, 1612 * android.os.Handler, android.os.ParcelFileDescriptor.OnCloseListener)}, 1613 * {@link ParcelFileDescriptor#createReliablePipe()}, or 1614 * {@link ParcelFileDescriptor#createReliableSocketPair()}. 1615 * 1616 * <p class="note">For use in Intents, you will want to implement {@link #getType} 1617 * to return the appropriate MIME type for the data returned here with 1618 * the same URI. This will allow intent resolution to automatically determine the data MIME 1619 * type and select the appropriate matching targets as part of its operation.</p> 1620 * 1621 * <p class="note">For better interoperability with other applications, it is recommended 1622 * that for any URIs that can be opened, you also support queries on them 1623 * containing at least the columns specified by {@link android.provider.OpenableColumns}. 1624 * You may also want to support other common columns if you have additional meta-data 1625 * to supply, such as {@link android.provider.MediaStore.MediaColumns#DATE_ADDED} 1626 * in {@link android.provider.MediaStore.MediaColumns}.</p> 1627 * 1628 * @param uri The URI whose file is to be opened. 1629 * @param mode Access mode for the file. May be "r" for read-only access, 1630 * "w" for write-only access, "rw" for read and write access, or 1631 * "rwt" for read and write access that truncates any existing 1632 * file. 1633 * @param signal A signal to cancel the operation in progress, or 1634 * {@code null} if none. For example, if you are downloading a 1635 * file from the network to service a "rw" mode request, you 1636 * should periodically call 1637 * {@link CancellationSignal#throwIfCanceled()} to check whether 1638 * the client has canceled the request and abort the download. 1639 * 1640 * @return Returns a new ParcelFileDescriptor which you can use to access 1641 * the file. 1642 * 1643 * @throws FileNotFoundException Throws FileNotFoundException if there is 1644 * no file associated with the given URI or the mode is invalid. 1645 * @throws SecurityException Throws SecurityException if the caller does 1646 * not have permission to access the file. 1647 * 1648 * @see #openAssetFile(Uri, String) 1649 * @see #openFileHelper(Uri, String) 1650 * @see #getType(android.net.Uri) 1651 * @see ParcelFileDescriptor#parseMode(String) 1652 */ 1653 @Override 1654 public @Nullable ParcelFileDescriptor openFile(@NonNull Uri uri, @NonNull String mode, 1655 @Nullable CancellationSignal signal) throws FileNotFoundException { 1656 return openFile(uri, mode); 1657 } 1658 1659 /** 1660 * This is like {@link #openFile}, but can be implemented by providers 1661 * that need to be able to return sub-sections of files, often assets 1662 * inside of their .apk. 1663 * This method can be called from multiple threads, as described in 1664 * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes 1665 * and Threads</a>. 1666 * 1667 * <p>If you implement this, your clients must be able to deal with such 1668 * file slices, either directly with 1669 * {@link ContentResolver#openAssetFileDescriptor}, or by using the higher-level 1670 * {@link ContentResolver#openInputStream ContentResolver.openInputStream} 1671 * or {@link ContentResolver#openOutputStream ContentResolver.openOutputStream} 1672 * methods. 1673 * <p> 1674 * The returned AssetFileDescriptor can be a pipe or socket pair to enable 1675 * streaming of data. 1676 * 1677 * <p class="note">If you are implementing this to return a full file, you 1678 * should create the AssetFileDescriptor with 1679 * {@link AssetFileDescriptor#UNKNOWN_LENGTH} to be compatible with 1680 * applications that cannot handle sub-sections of files.</p> 1681 * 1682 * <p class="note">For use in Intents, you will want to implement {@link #getType} 1683 * to return the appropriate MIME type for the data returned here with 1684 * the same URI. This will allow intent resolution to automatically determine the data MIME 1685 * type and select the appropriate matching targets as part of its operation.</p> 1686 * 1687 * <p class="note">For better interoperability with other applications, it is recommended 1688 * that for any URIs that can be opened, you also support queries on them 1689 * containing at least the columns specified by {@link android.provider.OpenableColumns}.</p> 1690 * 1691 * @param uri The URI whose file is to be opened. 1692 * @param mode Access mode for the file. May be "r" for read-only access, 1693 * "w" for write-only access (erasing whatever data is currently in 1694 * the file), "wa" for write-only access to append to any existing data, 1695 * "rw" for read and write access on any existing data, and "rwt" for read 1696 * and write access that truncates any existing file. 1697 * 1698 * @return Returns a new AssetFileDescriptor which you can use to access 1699 * the file. 1700 * 1701 * @throws FileNotFoundException Throws FileNotFoundException if there is 1702 * no file associated with the given URI or the mode is invalid. 1703 * @throws SecurityException Throws SecurityException if the caller does 1704 * not have permission to access the file. 1705 * 1706 * @see #openFile(Uri, String) 1707 * @see #openFileHelper(Uri, String) 1708 * @see #getType(android.net.Uri) 1709 */ 1710 public @Nullable AssetFileDescriptor openAssetFile(@NonNull Uri uri, @NonNull String mode) 1711 throws FileNotFoundException { 1712 ParcelFileDescriptor fd = openFile(uri, mode); 1713 return fd != null ? new AssetFileDescriptor(fd, 0, -1) : null; 1714 } 1715 1716 /** 1717 * This is like {@link #openFile}, but can be implemented by providers 1718 * that need to be able to return sub-sections of files, often assets 1719 * inside of their .apk. 1720 * This method can be called from multiple threads, as described in 1721 * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes 1722 * and Threads</a>. 1723 * 1724 * <p>If you implement this, your clients must be able to deal with such 1725 * file slices, either directly with 1726 * {@link ContentResolver#openAssetFileDescriptor}, or by using the higher-level 1727 * {@link ContentResolver#openInputStream ContentResolver.openInputStream} 1728 * or {@link ContentResolver#openOutputStream ContentResolver.openOutputStream} 1729 * methods. 1730 * <p> 1731 * The returned AssetFileDescriptor can be a pipe or socket pair to enable 1732 * streaming of data. 1733 * 1734 * <p class="note">If you are implementing this to return a full file, you 1735 * should create the AssetFileDescriptor with 1736 * {@link AssetFileDescriptor#UNKNOWN_LENGTH} to be compatible with 1737 * applications that cannot handle sub-sections of files.</p> 1738 * 1739 * <p class="note">For use in Intents, you will want to implement {@link #getType} 1740 * to return the appropriate MIME type for the data returned here with 1741 * the same URI. This will allow intent resolution to automatically determine the data MIME 1742 * type and select the appropriate matching targets as part of its operation.</p> 1743 * 1744 * <p class="note">For better interoperability with other applications, it is recommended 1745 * that for any URIs that can be opened, you also support queries on them 1746 * containing at least the columns specified by {@link android.provider.OpenableColumns}.</p> 1747 * 1748 * @param uri The URI whose file is to be opened. 1749 * @param mode Access mode for the file. May be "r" for read-only access, 1750 * "w" for write-only access (erasing whatever data is currently in 1751 * the file), "wa" for write-only access to append to any existing data, 1752 * "rw" for read and write access on any existing data, and "rwt" for read 1753 * and write access that truncates any existing file. 1754 * @param signal A signal to cancel the operation in progress, or 1755 * {@code null} if none. For example, if you are downloading a 1756 * file from the network to service a "rw" mode request, you 1757 * should periodically call 1758 * {@link CancellationSignal#throwIfCanceled()} to check whether 1759 * the client has canceled the request and abort the download. 1760 * 1761 * @return Returns a new AssetFileDescriptor which you can use to access 1762 * the file. 1763 * 1764 * @throws FileNotFoundException Throws FileNotFoundException if there is 1765 * no file associated with the given URI or the mode is invalid. 1766 * @throws SecurityException Throws SecurityException if the caller does 1767 * not have permission to access the file. 1768 * 1769 * @see #openFile(Uri, String) 1770 * @see #openFileHelper(Uri, String) 1771 * @see #getType(android.net.Uri) 1772 */ 1773 @Override 1774 public @Nullable AssetFileDescriptor openAssetFile(@NonNull Uri uri, @NonNull String mode, 1775 @Nullable CancellationSignal signal) throws FileNotFoundException { 1776 return openAssetFile(uri, mode); 1777 } 1778 1779 /** 1780 * Convenience for subclasses that wish to implement {@link #openFile} 1781 * by looking up a column named "_data" at the given URI. 1782 * 1783 * @param uri The URI to be opened. 1784 * @param mode The file mode. May be "r" for read-only access, 1785 * "w" for write-only access (erasing whatever data is currently in 1786 * the file), "wa" for write-only access to append to any existing data, 1787 * "rw" for read and write access on any existing data, and "rwt" for read 1788 * and write access that truncates any existing file. 1789 * 1790 * @return Returns a new ParcelFileDescriptor that can be used by the 1791 * client to access the file. 1792 */ 1793 protected final @NonNull ParcelFileDescriptor openFileHelper(@NonNull Uri uri, 1794 @NonNull String mode) throws FileNotFoundException { 1795 Cursor c = query(uri, new String[]{"_data"}, null, null, null); 1796 int count = (c != null) ? c.getCount() : 0; 1797 if (count != 1) { 1798 // If there is not exactly one result, throw an appropriate 1799 // exception. 1800 if (c != null) { 1801 c.close(); 1802 } 1803 if (count == 0) { 1804 throw new FileNotFoundException("No entry for " + uri); 1805 } 1806 throw new FileNotFoundException("Multiple items at " + uri); 1807 } 1808 1809 c.moveToFirst(); 1810 int i = c.getColumnIndex("_data"); 1811 String path = (i >= 0 ? c.getString(i) : null); 1812 c.close(); 1813 if (path == null) { 1814 throw new FileNotFoundException("Column _data not found."); 1815 } 1816 1817 int modeBits = ParcelFileDescriptor.parseMode(mode); 1818 return ParcelFileDescriptor.open(new File(path), modeBits); 1819 } 1820 1821 /** 1822 * Called by a client to determine the types of data streams that this 1823 * content provider supports for the given URI. The default implementation 1824 * returns {@code null}, meaning no types. If your content provider stores data 1825 * of a particular type, return that MIME type if it matches the given 1826 * mimeTypeFilter. If it can perform type conversions, return an array 1827 * of all supported MIME types that match mimeTypeFilter. 1828 * 1829 * @param uri The data in the content provider being queried. 1830 * @param mimeTypeFilter The type of data the client desires. May be 1831 * a pattern, such as */* to retrieve all possible data types. 1832 * @return Returns {@code null} if there are no possible data streams for the 1833 * given mimeTypeFilter. Otherwise returns an array of all available 1834 * concrete MIME types. 1835 * 1836 * @see #getType(Uri) 1837 * @see #openTypedAssetFile(Uri, String, Bundle) 1838 * @see ClipDescription#compareMimeTypes(String, String) 1839 */ 1840 @Override 1841 public @Nullable String[] getStreamTypes(@NonNull Uri uri, @NonNull String mimeTypeFilter) { 1842 return null; 1843 } 1844 1845 /** 1846 * Called by a client to open a read-only stream containing data of a 1847 * particular MIME type. This is like {@link #openAssetFile(Uri, String)}, 1848 * except the file can only be read-only and the content provider may 1849 * perform data conversions to generate data of the desired type. 1850 * 1851 * <p>The default implementation compares the given mimeType against the 1852 * result of {@link #getType(Uri)} and, if they match, simply calls 1853 * {@link #openAssetFile(Uri, String)}. 1854 * 1855 * <p>See {@link ClipData} for examples of the use and implementation 1856 * of this method. 1857 * <p> 1858 * The returned AssetFileDescriptor can be a pipe or socket pair to enable 1859 * streaming of data. 1860 * 1861 * <p class="note">For better interoperability with other applications, it is recommended 1862 * that for any URIs that can be opened, you also support queries on them 1863 * containing at least the columns specified by {@link android.provider.OpenableColumns}. 1864 * You may also want to support other common columns if you have additional meta-data 1865 * to supply, such as {@link android.provider.MediaStore.MediaColumns#DATE_ADDED} 1866 * in {@link android.provider.MediaStore.MediaColumns}.</p> 1867 * 1868 * @param uri The data in the content provider being queried. 1869 * @param mimeTypeFilter The type of data the client desires. May be 1870 * a pattern, such as */*, if the caller does not have specific type 1871 * requirements; in this case the content provider will pick its best 1872 * type matching the pattern. 1873 * @param opts Additional options from the client. The definitions of 1874 * these are specific to the content provider being called. 1875 * 1876 * @return Returns a new AssetFileDescriptor from which the client can 1877 * read data of the desired type. 1878 * 1879 * @throws FileNotFoundException Throws FileNotFoundException if there is 1880 * no file associated with the given URI or the mode is invalid. 1881 * @throws SecurityException Throws SecurityException if the caller does 1882 * not have permission to access the data. 1883 * @throws IllegalArgumentException Throws IllegalArgumentException if the 1884 * content provider does not support the requested MIME type. 1885 * 1886 * @see #getStreamTypes(Uri, String) 1887 * @see #openAssetFile(Uri, String) 1888 * @see ClipDescription#compareMimeTypes(String, String) 1889 */ 1890 public @Nullable AssetFileDescriptor openTypedAssetFile(@NonNull Uri uri, 1891 @NonNull String mimeTypeFilter, @Nullable Bundle opts) throws FileNotFoundException { 1892 if ("*/*".equals(mimeTypeFilter)) { 1893 // If they can take anything, the untyped open call is good enough. 1894 return openAssetFile(uri, "r"); 1895 } 1896 String baseType = getType(uri); 1897 if (baseType != null && ClipDescription.compareMimeTypes(baseType, mimeTypeFilter)) { 1898 // Use old untyped open call if this provider has a type for this 1899 // URI and it matches the request. 1900 return openAssetFile(uri, "r"); 1901 } 1902 throw new FileNotFoundException("Can't open " + uri + " as type " + mimeTypeFilter); 1903 } 1904 1905 1906 /** 1907 * Called by a client to open a read-only stream containing data of a 1908 * particular MIME type. This is like {@link #openAssetFile(Uri, String)}, 1909 * except the file can only be read-only and the content provider may 1910 * perform data conversions to generate data of the desired type. 1911 * 1912 * <p>The default implementation compares the given mimeType against the 1913 * result of {@link #getType(Uri)} and, if they match, simply calls 1914 * {@link #openAssetFile(Uri, String)}. 1915 * 1916 * <p>See {@link ClipData} for examples of the use and implementation 1917 * of this method. 1918 * <p> 1919 * The returned AssetFileDescriptor can be a pipe or socket pair to enable 1920 * streaming of data. 1921 * 1922 * <p class="note">For better interoperability with other applications, it is recommended 1923 * that for any URIs that can be opened, you also support queries on them 1924 * containing at least the columns specified by {@link android.provider.OpenableColumns}. 1925 * You may also want to support other common columns if you have additional meta-data 1926 * to supply, such as {@link android.provider.MediaStore.MediaColumns#DATE_ADDED} 1927 * in {@link android.provider.MediaStore.MediaColumns}.</p> 1928 * 1929 * @param uri The data in the content provider being queried. 1930 * @param mimeTypeFilter The type of data the client desires. May be 1931 * a pattern, such as */*, if the caller does not have specific type 1932 * requirements; in this case the content provider will pick its best 1933 * type matching the pattern. 1934 * @param opts Additional options from the client. The definitions of 1935 * these are specific to the content provider being called. 1936 * @param signal A signal to cancel the operation in progress, or 1937 * {@code null} if none. For example, if you are downloading a 1938 * file from the network to service a "rw" mode request, you 1939 * should periodically call 1940 * {@link CancellationSignal#throwIfCanceled()} to check whether 1941 * the client has canceled the request and abort the download. 1942 * 1943 * @return Returns a new AssetFileDescriptor from which the client can 1944 * read data of the desired type. 1945 * 1946 * @throws FileNotFoundException Throws FileNotFoundException if there is 1947 * no file associated with the given URI or the mode is invalid. 1948 * @throws SecurityException Throws SecurityException if the caller does 1949 * not have permission to access the data. 1950 * @throws IllegalArgumentException Throws IllegalArgumentException if the 1951 * content provider does not support the requested MIME type. 1952 * 1953 * @see #getStreamTypes(Uri, String) 1954 * @see #openAssetFile(Uri, String) 1955 * @see ClipDescription#compareMimeTypes(String, String) 1956 */ 1957 @Override 1958 public @Nullable AssetFileDescriptor openTypedAssetFile(@NonNull Uri uri, 1959 @NonNull String mimeTypeFilter, @Nullable Bundle opts, 1960 @Nullable CancellationSignal signal) throws FileNotFoundException { 1961 return openTypedAssetFile(uri, mimeTypeFilter, opts); 1962 } 1963 1964 /** 1965 * Interface to write a stream of data to a pipe. Use with 1966 * {@link ContentProvider#openPipeHelper}. 1967 */ 1968 public interface PipeDataWriter<T> { 1969 /** 1970 * Called from a background thread to stream data out to a pipe. 1971 * Note that the pipe is blocking, so this thread can block on 1972 * writes for an arbitrary amount of time if the client is slow 1973 * at reading. 1974 * 1975 * @param output The pipe where data should be written. This will be 1976 * closed for you upon returning from this function. 1977 * @param uri The URI whose data is to be written. 1978 * @param mimeType The desired type of data to be written. 1979 * @param opts Options supplied by caller. 1980 * @param args Your own custom arguments. 1981 */ 1982 public void writeDataToPipe(@NonNull ParcelFileDescriptor output, @NonNull Uri uri, 1983 @NonNull String mimeType, @Nullable Bundle opts, @Nullable T args); 1984 } 1985 1986 /** 1987 * A helper function for implementing {@link #openTypedAssetFile}, for 1988 * creating a data pipe and background thread allowing you to stream 1989 * generated data back to the client. This function returns a new 1990 * ParcelFileDescriptor that should be returned to the caller (the caller 1991 * is responsible for closing it). 1992 * 1993 * @param uri The URI whose data is to be written. 1994 * @param mimeType The desired type of data to be written. 1995 * @param opts Options supplied by caller. 1996 * @param args Your own custom arguments. 1997 * @param func Interface implementing the function that will actually 1998 * stream the data. 1999 * @return Returns a new ParcelFileDescriptor holding the read side of 2000 * the pipe. This should be returned to the caller for reading; the caller 2001 * is responsible for closing it when done. 2002 */ 2003 public @NonNull <T> ParcelFileDescriptor openPipeHelper(final @NonNull Uri uri, 2004 final @NonNull String mimeType, final @Nullable Bundle opts, final @Nullable T args, 2005 final @NonNull PipeDataWriter<T> func) throws FileNotFoundException { 2006 try { 2007 final ParcelFileDescriptor[] fds = ParcelFileDescriptor.createPipe(); 2008 2009 AsyncTask<Object, Object, Object> task = new AsyncTask<Object, Object, Object>() { 2010 @Override 2011 protected Object doInBackground(Object... params) { 2012 func.writeDataToPipe(fds[1], uri, mimeType, opts, args); 2013 try { 2014 fds[1].close(); 2015 } catch (IOException e) { 2016 Log.w(TAG, "Failure closing pipe", e); 2017 } 2018 return null; 2019 } 2020 }; 2021 task.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR, (Object[])null); 2022 2023 return fds[0]; 2024 } catch (IOException e) { 2025 throw new FileNotFoundException("failure making pipe"); 2026 } 2027 } 2028 2029 /** 2030 * Returns true if this instance is a temporary content provider. 2031 * @return true if this instance is a temporary content provider 2032 */ 2033 protected boolean isTemporary() { 2034 return false; 2035 } 2036 2037 /** 2038 * Returns the Binder object for this provider. 2039 * 2040 * @return the Binder object for this provider 2041 * @hide 2042 */ 2043 @UnsupportedAppUsage 2044 public IContentProvider getIContentProvider() { 2045 return mTransport; 2046 } 2047 2048 /** 2049 * Like {@link #attachInfo(Context, android.content.pm.ProviderInfo)}, but for use 2050 * when directly instantiating the provider for testing. 2051 * @hide 2052 */ 2053 @UnsupportedAppUsage 2054 public void attachInfoForTesting(Context context, ProviderInfo info) { 2055 attachInfo(context, info, true); 2056 } 2057 2058 /** 2059 * After being instantiated, this is called to tell the content provider 2060 * about itself. 2061 * 2062 * @param context The context this provider is running in 2063 * @param info Registered information about this content provider 2064 */ 2065 public void attachInfo(Context context, ProviderInfo info) { 2066 attachInfo(context, info, false); 2067 } 2068 2069 private void attachInfo(Context context, ProviderInfo info, boolean testing) { 2070 mNoPerms = testing; 2071 mCallingPackage = new ThreadLocal<>(); 2072 2073 /* 2074 * Only allow it to be set once, so after the content service gives 2075 * this to us clients can't change it. 2076 */ 2077 if (mContext == null) { 2078 mContext = context; 2079 if (context != null && mTransport != null) { 2080 mTransport.mAppOpsManager = (AppOpsManager) context.getSystemService( 2081 Context.APP_OPS_SERVICE); 2082 } 2083 mMyUid = Process.myUid(); 2084 if (info != null) { 2085 setReadPermission(info.readPermission); 2086 setWritePermission(info.writePermission); 2087 setPathPermissions(info.pathPermissions); 2088 mExported = info.exported; 2089 mSingleUser = (info.flags & ProviderInfo.FLAG_SINGLE_USER) != 0; 2090 setAuthorities(info.authority); 2091 } 2092 ContentProvider.this.onCreate(); 2093 } 2094 } 2095 2096 /** 2097 * Override this to handle requests to perform a batch of operations, or the 2098 * default implementation will iterate over the operations and call 2099 * {@link ContentProviderOperation#apply} on each of them. 2100 * If all calls to {@link ContentProviderOperation#apply} succeed 2101 * then a {@link ContentProviderResult} array with as many 2102 * elements as there were operations will be returned. If any of the calls 2103 * fail, it is up to the implementation how many of the others take effect. 2104 * This method can be called from multiple threads, as described in 2105 * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes 2106 * and Threads</a>. 2107 * 2108 * @param operations the operations to apply 2109 * @return the results of the applications 2110 * @throws OperationApplicationException thrown if any operation fails. 2111 * @see ContentProviderOperation#apply 2112 */ 2113 @Override 2114 public @NonNull ContentProviderResult[] applyBatch(@NonNull String authority, 2115 @NonNull ArrayList<ContentProviderOperation> operations) 2116 throws OperationApplicationException { 2117 return applyBatch(operations); 2118 } 2119 2120 public @NonNull ContentProviderResult[] applyBatch( 2121 @NonNull ArrayList<ContentProviderOperation> operations) 2122 throws OperationApplicationException { 2123 final int numOperations = operations.size(); 2124 final ContentProviderResult[] results = new ContentProviderResult[numOperations]; 2125 for (int i = 0; i < numOperations; i++) { 2126 results[i] = operations.get(i).apply(this, results, i); 2127 } 2128 return results; 2129 } 2130 2131 /** 2132 * Call a provider-defined method. This can be used to implement 2133 * interfaces that are cheaper and/or unnatural for a table-like 2134 * model. 2135 * 2136 * <p class="note"><strong>WARNING:</strong> The framework does no permission checking 2137 * on this entry into the content provider besides the basic ability for the application 2138 * to get access to the provider at all. For example, it has no idea whether the call 2139 * being executed may read or write data in the provider, so can't enforce those 2140 * individual permissions. Any implementation of this method <strong>must</strong> 2141 * do its own permission checks on incoming calls to make sure they are allowed.</p> 2142 * 2143 * @param method method name to call. Opaque to framework, but should not be {@code null}. 2144 * @param arg provider-defined String argument. May be {@code null}. 2145 * @param extras provider-defined Bundle argument. May be {@code null}. 2146 * @return provider-defined return value. May be {@code null}, which is also 2147 * the default for providers which don't implement any call methods. 2148 */ 2149 @Override 2150 public @Nullable Bundle call(@NonNull String authority, @NonNull String method, 2151 @Nullable String arg, @Nullable Bundle extras) { 2152 return call(method, arg, extras); 2153 } 2154 2155 public @Nullable Bundle call(@NonNull String method, @Nullable String arg, 2156 @Nullable Bundle extras) { 2157 return null; 2158 } 2159 2160 /** 2161 * Implement this to shut down the ContentProvider instance. You can then 2162 * invoke this method in unit tests. 2163 * 2164 * <p> 2165 * Android normally handles ContentProvider startup and shutdown 2166 * automatically. You do not need to start up or shut down a 2167 * ContentProvider. When you invoke a test method on a ContentProvider, 2168 * however, a ContentProvider instance is started and keeps running after 2169 * the test finishes, even if a succeeding test instantiates another 2170 * ContentProvider. A conflict develops because the two instances are 2171 * usually running against the same underlying data source (for example, an 2172 * sqlite database). 2173 * </p> 2174 * <p> 2175 * Implementing shutDown() avoids this conflict by providing a way to 2176 * terminate the ContentProvider. This method can also prevent memory leaks 2177 * from multiple instantiations of the ContentProvider, and it can ensure 2178 * unit test isolation by allowing you to completely clean up the test 2179 * fixture before moving on to the next test. 2180 * </p> 2181 */ 2182 public void shutdown() { 2183 Log.w(TAG, "implement ContentProvider shutdown() to make sure all database " + 2184 "connections are gracefully shutdown"); 2185 } 2186 2187 /** 2188 * Print the Provider's state into the given stream. This gets invoked if 2189 * you run "adb shell dumpsys activity provider <provider_component_name>". 2190 * 2191 * @param fd The raw file descriptor that the dump is being sent to. 2192 * @param writer The PrintWriter to which you should dump your state. This will be 2193 * closed for you after you return. 2194 * @param args additional arguments to the dump request. 2195 */ 2196 public void dump(FileDescriptor fd, PrintWriter writer, String[] args) { 2197 writer.println("nothing to dump"); 2198 } 2199 2200 private void validateIncomingAuthority(String authority) throws SecurityException { 2201 if (!matchesOurAuthorities(getAuthorityWithoutUserId(authority))) { 2202 String message = "The authority " + authority + " does not match the one of the " 2203 + "contentProvider: "; 2204 if (mAuthority != null) { 2205 message += mAuthority; 2206 } else { 2207 message += Arrays.toString(mAuthorities); 2208 } 2209 throw new SecurityException(message); 2210 } 2211 } 2212 2213 /** @hide */ 2214 @VisibleForTesting 2215 public Uri validateIncomingUri(Uri uri) throws SecurityException { 2216 String auth = uri.getAuthority(); 2217 if (!mSingleUser) { 2218 int userId = getUserIdFromAuthority(auth, UserHandle.USER_CURRENT); 2219 if (userId != UserHandle.USER_CURRENT && userId != mContext.getUserId()) { 2220 throw new SecurityException("trying to query a ContentProvider in user " 2221 + mContext.getUserId() + " with a uri belonging to user " + userId); 2222 } 2223 } 2224 validateIncomingAuthority(auth); 2225 2226 // Normalize the path by removing any empty path segments, which can be 2227 // a source of security issues. 2228 final String encodedPath = uri.getEncodedPath(); 2229 if (encodedPath != null && encodedPath.indexOf("//") != -1) { 2230 final Uri normalized = uri.buildUpon() 2231 .encodedPath(encodedPath.replaceAll("//+", "/")).build(); 2232 Log.w(TAG, "Normalized " + uri + " to " + normalized 2233 + " to avoid possible security issues"); 2234 return normalized; 2235 } else { 2236 return uri; 2237 } 2238 } 2239 2240 /** @hide */ 2241 private Uri maybeGetUriWithoutUserId(Uri uri) { 2242 if (mSingleUser) { 2243 return uri; 2244 } 2245 return getUriWithoutUserId(uri); 2246 } 2247 2248 /** @hide */ 2249 public static int getUserIdFromAuthority(String auth, int defaultUserId) { 2250 if (auth == null) return defaultUserId; 2251 int end = auth.lastIndexOf('@'); 2252 if (end == -1) return defaultUserId; 2253 String userIdString = auth.substring(0, end); 2254 try { 2255 return Integer.parseInt(userIdString); 2256 } catch (NumberFormatException e) { 2257 Log.w(TAG, "Error parsing userId.", e); 2258 return UserHandle.USER_NULL; 2259 } 2260 } 2261 2262 /** @hide */ 2263 public static int getUserIdFromAuthority(String auth) { 2264 return getUserIdFromAuthority(auth, UserHandle.USER_CURRENT); 2265 } 2266 2267 /** @hide */ 2268 public static int getUserIdFromUri(Uri uri, int defaultUserId) { 2269 if (uri == null) return defaultUserId; 2270 return getUserIdFromAuthority(uri.getAuthority(), defaultUserId); 2271 } 2272 2273 /** @hide */ 2274 public static int getUserIdFromUri(Uri uri) { 2275 return getUserIdFromUri(uri, UserHandle.USER_CURRENT); 2276 } 2277 2278 /** 2279 * Removes userId part from authority string. Expects format: 2280 * userId (at) some.authority 2281 * If there is no userId in the authority, it symply returns the argument 2282 * @hide 2283 */ 2284 public static String getAuthorityWithoutUserId(String auth) { 2285 if (auth == null) return null; 2286 int end = auth.lastIndexOf('@'); 2287 return auth.substring(end+1); 2288 } 2289 2290 /** @hide */ 2291 public static Uri getUriWithoutUserId(Uri uri) { 2292 if (uri == null) return null; 2293 Uri.Builder builder = uri.buildUpon(); 2294 builder.authority(getAuthorityWithoutUserId(uri.getAuthority())); 2295 return builder.build(); 2296 } 2297 2298 /** @hide */ 2299 public static boolean uriHasUserId(Uri uri) { 2300 if (uri == null) return false; 2301 return !TextUtils.isEmpty(uri.getUserInfo()); 2302 } 2303 2304 /** @hide */ 2305 @UnsupportedAppUsage 2306 public static Uri maybeAddUserId(Uri uri, int userId) { 2307 if (uri == null) return null; 2308 if (userId != UserHandle.USER_CURRENT 2309 && ContentResolver.SCHEME_CONTENT.equals(uri.getScheme())) { 2310 if (!uriHasUserId(uri)) { 2311 //We don't add the user Id if there's already one 2312 Uri.Builder builder = uri.buildUpon(); 2313 builder.encodedAuthority("" + userId + "@" + uri.getEncodedAuthority()); 2314 return builder.build(); 2315 } 2316 } 2317 return uri; 2318 } 2319 } 2320
